Skip to content

Commit

Permalink
Use bind parameters in dbTagList query
Browse files Browse the repository at this point in the history
  • Loading branch information
@salty-horse
salty-horse committed Dec 10, 2024
1 parent 311ac80 commit 7f5e709
Showing 1 changed file with 15 additions and 13 deletions.
28 changes: 15 additions & 13 deletions www/viewgame
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2733,27 +2733,29 @@ import {initTagTable} from './viewgame.js';

var dbTagList = [
<?php
$isMine = ($curuser
? "sum(userid = '$curuser' and gameid = '$qid')"
: "0");
$result = mysql_query(
if ($curuser) {
$isMine = "sum(userid = ? and gameid = ?)";
$isMineParams = [$curuser, $id];
} else {
$isMine = "0";
$isMineParams = [];
}
$result = mysqli_execute_query($db,
"select
tag,
sum(gameid = '$qid') as tagcnt,
sum(gameid = ?) as tagcnt,
count(distinct gameid) as gamecnt,
$isMine as isMine
from gametags
where tag in (select tag from gametags where gameid = '$qid')
where tag in (select tag from gametags where gameid = ?)
group by tag
order by tag", $db);
$cnt = mysql_num_rows($result);
order by tag", [$id, ...$isMineParams, $id]);

for ($i = 0 ; $i < $cnt ; $i++) {
list($tag, $tagcnt, $gamecnt, $isMine) = mysql_fetch_row($result);
while ($row = mysql_fetch_row($result)) {
[$tag, $tagcnt, $gamecnt, $isMine] = $row;
$tag = jsSpecialChars($tag);
echo ($i > 0 ? "," : "")
. "{tag: \"$tag\", tagcnt: $tagcnt, "
. "gamecnt: $gamecnt, isMine: $isMine}";
echo "{tag: \"$tag\", tagcnt: $tagcnt, "
. "gamecnt: $gamecnt, isMine: $isMine},";
}
?>
];
Expand Down

0 comments on commit 7f5e709

Please sign in to comment.